Hackers love to go after governments, no matter how big or small. And they particularly enjoy purloining government files, especially those not protected by secure file transfer.
Why is that? Because that is where most of the sensitive data is. And it is held in a form that is easy to access and understand. Aren’t documents, and Microsoft Office docs in particular, where MOST of your company’s sensitive data is held?
When that data is sent out, it can be ripe for the picking. “Sensitive data is often stored in carefully protected systems with access controls and restrictions on usage. However, once data is exported from these systems—sometimes for valid business uses such as customer segmentation or powering a marketing campaign—it’s easy to lose control over the data. Sending sensitive data in email messages or as attachments, results in a broader attack surface for sensitive data, thus increasing the threatscape if an email account or cloud storage account is compromised,” Osterman Research said in its What Decision-Makers Can Do About Data Protection report.
Government agencies are an irresistible target. “Cyber criminals go after the government sector to undermine citizen confidence, steal vital and classified data, and leverage systemic cybersecurity weaknesses against agencies,” Osterman explains in its Cybersecurity in Government Viewpoint 2021 report.
While all governmental bodies have sensitive data, some rise to the highest level of secrecy and require strong data security and file protection. “Government agencies hold data that is valuable to foreign governments, political parties, dissenters, and hackers seeking data for identity theft and targeted phishing attacks. For example: Agencies create and maintain sensitive data on military maneuvers, defense plans, known and suspected terrorists, deployment locations and identity details of intelligence agents in other countries, and other issues of national security and foreign policy,” Osterman warned.
The Georgia Secretary of State’s office was hacked and the private data of 6.2 million voters, including Social Security numbers, was stolen. That information was mistakenly put in a State Download File, and even worse, the data was passed on to at least 12 groups.
The Washington State Auditor’s office was breached to the tune of 1,609,101 records relating to unemployment claims. Here, cybercriminals took advantage of a flaw in a file transfer service from third-party vendor.
A government data breach can lead to a major financial loss. They also have grown larger over the years. According to the Cost of a Data Breach Report 2021, sponsored, analyzed and published by IBM Security, the total global cost of data breaches in public sectors rose nearly 79% between 2021 and 2020. That’s a total average data breach cost of $1.93 million. The public sector still represents a much smaller percentage of industries impacted by data breaches. However, the aggressive year-over-year growth of related costs is starting to show how important cybersecurity projects have become.
Isn’t email wonderful? Not when it comes to file protection. Email is used for nearly everything, even things it shouldn’t—like transferring sensitive information. And email is used so often mistakes are sure to happen. How many messages have been sent to the entire organization—when they were meant for only one set of eyes? And given how commonly email is hacked, criminals can read all those confidential attachments, too.
Osterman notes this and warns against the use of email for sharing and transferring files. “The use of email as the primary means of transferring documents containing sensitive information raises several cybersecurity threats, including accidental misdirection of the original by sending it to the wrong person, unauthorized access to items in the Sent folder in an email account following credential theft, and unauthorized access to all messages and attachments stored in the email account—project documentation, sensitive data on people and citizens, organizational strategy thinking, and more,” the researchers explained. “The move to the cloud for email services has seen people gain access to 50GB and 100GB mailboxes. Whether originating from a phishing attack, brute-forcing a password, or another type of compromise, several of the data breaches profiled in this section have been centered on compromised email accounts.”
FIPS stands for Federal Information Processing Standards, which are required by the United States Federal Government for use in information processing activities and systems employed by non-military government agencies and government contractors.
Many government agencies and organizations must comply with FIPS 140-2 and use FIPS validated software to securely transfer operational data, financial information and Personally Identifiable Information (PII).
Your secure file transfer solution should not only support FIPS, but also ensure delivery to the intended recipients and document transfer activities with an audit trail.
There is a better way to ensure file protection: Managed File Transfer (MFT) safeguards data when at rest and in motion. “Email is currently the most common way of sharing documents and files within agencies, across agency lines, and outside of the government sector. Documents containing sensitive and personal data sent by email should be protected with additional protection using encryption. This reduces the likelihood of a data breach if the message is sent to the wrong person, and if the email account is compromised,” Osterman believes. “Managed File Transfer solutions offer a much stronger foundation for sharing and protecting sensitive data. Transferred files are protected by encryption, access is controlled through identity verification, and files are never stored in email accounts.”
Here are three case studies showing Managed File Transfer (MFT) in action.
When Milwaukee County wanted to boost technological efficiency to better achieve its public-service mission, standardizing data file transfer on Progress MOVEit was the obvious choice. Dozens of file transfer solutions used across siloed County departments required manual work, custom coding and a huge time commitment.
“I love its many capabilities. The developer in me can’t wait to use the API functionality. All around, MOVEit is a very solid, feature-rich file transfer tool.” —Ilija Lukic, Application Analyst III, Milwaukee County
The Milwaukee County team experienced the MOVEit difference right away and more teams and departments were getting on board every day. Each team was happy they no longer had to manually transfer files or spend time writing code in their applications to handle the file transfers between environments and systems.
Cambridgeshire County Council is the UK local government authority responsible for administering 60 electoral divisions in the county of Cambridgeshire.
Prior to acquiring a managed file transfer solution, council users would transfer data between public sector organizations either via the Government Connect Gateway or a generic FTP solution. However, many employees regarded this as “clunky,” inefficient and awkward to use. Users also noted there was no way of sharing sensitive information, for instance healthcare, social care or childcare data with third parties such as emergency services or housing associations—which was a frequent requirement.
The council required a secure managed file transfer solution that could:
User feedback to date has been very positive, with the common opinion that because MOVEit uses a friendly portal with clear directions, it was very much like signing up a new consumer service, such as Gmail or Yahoo. Most users were immediately happy with the system with just a small pamphlet of instructions and barely any support has been necessary.
Guelph is a mid-sized city in southwestern Ontario that consistently ranks among Canada’s best places to live. With 2,000 employees serving Guelph’s citizens from City Hall and 40 satellite offices that provide police, fire, emergency medical, public works, transit, permitting and other services, safeguarding confidential information is of paramount importance, and Guelph must adhere to both Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and Personal Health Information Privacy Act (PHIPA) requirements.
But the number of employees who needed to transfer these confidential files on an occasional basis was growing. As a result, many staff members were using consumer-oriented, non-secure file transfer sites for file exchange. This made it impossible for IT to keep track of what files were being transferred, who was transferring them and where they were being sent. In turn, this also made it impossible to fully comply with MFIPPA and PHIPA requirements, putting the City of Guelph at risk.
But now, Guelph is using MOVEit Secure Email Attachments to send large files securely and reduce the burden on their email systems. This solution supports sending and receiving files and messages between individuals and groups using Outlook or a simple browser interface, meeting employees’ need for convenience and ease of use, while enabling IT to exercise the visibility and control they need to address risky personal file-sharing practices. Guelph is deploying MOVEit File Transfer, Progress’ on-premises Managed File Transfer solution. MOVEit can also be deployed in the cloud or in hybrid mode.
Governmental customers of MOVEit get great returns.
MOVEit makes government IT charged with secure file transfer more efficient.
Many data breaches occur when files are moved within your group or to partners and other organizations with a vested interest. With MOVEit Managed File Transfer (MFT) from Progress, you can establish secure collaboration and automated file transfers of sensitive personal data. These files are not only moved safely, but they also include encryption and activity tracking.
By default, all files sent outside the offices should be handled in a secure and trackable way—which is MFT.
With MOVEit Managed File Transfer, you no longer rely upon your employees emailing personal data to other employees, outside entities, or using insecure file sharing services. With Secure MFT Software, you eliminate user errors and can track and report the details of every file transfer.
Government Agencies and Departments use MOVEit to send data files containing sensitive commercial or personal information such as:
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.
Learn MoreSubscribe to get all the news, info and tutorials you need to build better business apps and sites